IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Configuring the IBM HTTP Server plug-in and securing the connection (stand-alone)

Deploy the IBM® HTTP Server plug-in and configure connection requests to be forwarded over Secure Sockets Layer (SSL) to the WebSphere® Application Server.

Before you begin

About this task

Configuring IBM HTTP Server is a three-stage process.
  1. Grant remote server administration rights to the IBM HTTP Server configuration to simplify web server administration from the WebSphere administrative console.
  2. Secure the connection between the IBM HTTP Server and WebSphere Application Server with a trusted SSL connection.
  3. Centralize the connection points for each web server.

Procedure

  1. Define the web server configuration for the WebSphere Application Server.
    If the IBM HTTP Server and WebSphere Application Server are on the same computer:
    1. Log on to the WebSphere administrative console, for example https://localhost:9043/ibm/console.
    2. In the navigation pane, click Servers > Server types > Web servers.
    3. Click New.
    4. Follow the instructions in the wizard to create a definition of the web server.
      Tip: To learn more about each field on the page, see the field descriptions in the Help pane.
      For guidance, consider the following notes:
      • For Server name, specify a web server entry name, which is unique within the node for the web server. For example: webserver1.
        Tip: The Server name is not the web server host name.
      • For Type, specify the type of web server you prepared. For example: IBM HTTP Server.
      • For Host name, specify the host name of the web server.
      • In Step 3 of the wizard, in the Administration server properties section, specify the IBM HTTP Server administration user credentials. For example: ihsadmin.
      • Ensure the Use SSL check box is not selected.
      • In the Messages box, click Save. The web server status is started.
    If the IBM HTTP Server and WebSphere Application Server are not on the same computer, run the web server plug-in configuration script.
    1. From <ihs_home>\Plugins\bin, on the IBM HTTP Server host, copy the configure<web_server_definition_name>.bat file. For example: configurewebserver1.bat.
    2. On the application server, paste the configure<web_server_definition_name>.bat file to the <was_home>\bin folder. For example: C:\Program Files\IBM\WebSphere\AppServer\bin.
    3. From a command prompt, on the application server, run the following command.
      configure<web_server_definition_name>.bat -profileName <profile_name> -user <was_admin_name> -password <was_admin_password>

      For example:

      configurewebserver1.bat -profileName AppSrv01 -user wasadmin -password p@ssw0rd

    4. Close the command prompt after the command completes with the following line:
      Configuration save is complete.
    You successfully configured a web server definition on the WebSphere administrative console. For example: webserver1.
  2. In the WebSphere administrative console, click Servers > Server Types > Web servers. Verify that the web server definition is displayed. For example: webserver1.
  3. Grant remote server management rights to the WebSphere Application Server administrator by supplying the IBM HTTP Server administrator account.
    1. In the administrative console, click Servers > Server Types > Web servers.
    2. Click the <Web_server_name>. For example: webserver1.
    3. In the Additional Properties section on the Configuration tab, click Remote Web Server Management.
    4. Enter the IBM HTTP Server administration server authentication user ID and password. For example: ihsadmin.
    5. Clear the Use SSL check box.
    6. Click OK.
    7. In the Messages box, click Save.
  4. (Complete this step only if the IBM HTTP Server and WebSphere Application Server are not on the same computer, or if you are using a load balancer.) Set up the SSL certificates signed by the WebSphere Application Server certificate authority.
    Note: The certificate uses the IBM HTTP Server computer name as the Common Name (CN). The purpose is to facilitate communication between the client and the IBM HTTP Server.
    1. On the IBM Integrated Solutions Console navigation pane, click Security > SSL certificate and key management > Key stores and certificates > CMSKeyStore > Personal certificates.
    2. Select the certificate named default.
    3. Click Delete.
    4. Click Create > Chained Certificate.
    5. Specify default as the alias for the certificate.
    6. In Key size, specify the certificate key size. If the root CA for WebSphere Application Server is a 2048-bit certificate, you can specify a 2048-bit key size. The default is 1024 bits.
      Important: Do not select 2048 bits if you did not recreate the root CA with a 2048-bit key size.
    7. In the Common Name field, you can enter one of the following names:
      • The fully qualified domain name of the computer where the IBM HTTP Server is installed. For example: webserver1.example.com.
      • The fully qualified host name of the load balancer if a load balancer is used.
    8. Optional: Enter the remaining optional information.
    9. Click OK.
    10. In the Messages box, click Save.
    11. If you have more than one IBM HTTP Server, for each IBM HTTP Server, repeat steps 1 to 10.
    The Personal Certificates section displays the new certificate.
  5. Synchronize the WebSphere Application Server keystore with the IBM HTTP Server keystore.
    1. On the IBM Integrated Solutions Console navigation pane, click Servers > Server Types > Web servers.
    2. Click the <Web server name>. For example: webserver1.
    3. In the Additional Properties section on the Configuration tab, click Plug-in properties.
    4. Click Copy to Web Server key store directory.
    5. Click OK.
    6. In the Messages box, click Save.
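
The certificate rules in step 4 (Common Name, key size relative to the root CA, chaining to the WebSphere root) can be checked after the procedure with the following script, which is an added example and not IBM code. It assumes the new certificate and the WebSphere root CA were exported to PEM files and that the openssl command-line tool is available; the function names, file names and sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Checks an exported chained certificate against
# the rules in step 4. Assumes the certificate and the WebSphere root CA were
# exported to PEM files and that the openssl CLI is available.

cert_cn() {    # subject Common Name of a PEM certificate
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

cert_bits() {  # public key size in bits
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_ihs_cert <cert.pem> <root.pem> <IHS or load balancer FQDN>
check_ihs_cert() {
  leaf=$1; root=$2; host=$3
  [ "$(cert_cn "$leaf")" = "$host" ] || { echo "FAIL cn-mismatch"; return 1; }
  lb=$(cert_bits "$leaf"); rb=$(cert_bits "$root")
  # Key size rule from step 4: 2048 bits only if the root CA is 2048 bits.
  [ "$lb" -le "$rb" ] || { echo "FAIL key-larger-than-root"; return 1; }
  openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1 ||
    { echo "FAIL chain"; return 1; }
  # The 1024-bit default still chains, but is below current RSA minimums.
  [ "$lb" -ge 2048 ] || { echo "WARN weak-key-$lb"; return 0; }
  echo "OK"
}

# make_sample <dir> <root bits> <cert bits> <cn>: constructed throwaway data
make_sample() {
  d=$1
  openssl req -x509 -newkey "rsa:$2" -nodes -days 1 -subj "/CN=Constructed Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey "rsa:$3" -nodes -subj "/CN=$4" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp" 2048 2048 webserver1.example.com
check_ihs_cert "$tmp/leaf.pem" "$tmp/root.pem" webserver1.example.com
rm -rf "$tmp"
```

When a load balancer is used, pass its fully qualified host name as the third argument instead of the IBM HTTP Server name.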

Results

You defined a web server in the WebSphere Application Server configuration. The web server routes requests received from client workstations to the application server.

